Ok, there are a number of problems with his logic behind his "solution" to Synfloods. Allow me to present a few.
1. He assumes Synfloods only originate from spoofed source IPs. While this is usually the case, this is not necessarily always true.

2. Part of his security model relies on rebooting the web server you are using. I don't know about anyone else, but rebooting web servers to generate new cipher keys hardly seems feasible. However, this could probably be addressed (I'm sure somebody could figure out a better way to generate cipher keys).

3. It would be possible to create a (for lack of a better term) pseudo man-in-the-middle attack. Someone could use a compromised host to send a legitimate connection request, capture the SYN/ACK packet, and reuse the token and compromised host's source IP for the Synflood. This token along with the source IP could be used until the web server was rebooted and a new cipher key was generated. I'm sure most cryptographers (which I'm not) would agree that relying on just the source IP for an "encrypted token" is hardly secure.

4. Statements like "...the GENESIS system requires NO local resources..." and "...The use of the GENESIS system delivers true firewall capability and benefits at no cost..." are bogus. GENESIS requires the host to perform encryption on each connection, even before it was established. Encryption ALWAYS requires resources. And this alone does not come anywhere near firewall capabilities. The claim is laughable.

5. His "solution" does nothing to prevent the problem of bandwidth flooding despite his claim that servers would be completely unaffected by spoofed Synfloods.

Additionally, it is worth noting that Synfloods are only 1 type of DoS attack used by script kiddies on the Internet. His idea does nothing to protect against other forms of DoS attacks (Smurf, Jolt2, etc.). And frankly, there are already plenty of other methods to prevent Synfloods from bringing down a web server. His idea is too little too late. Routers, firewalls, and even patched OSes already are capable of resisting a Synflood.

What exactly does GENESIS bring to the table that isn't already there?

Brownfox

-----Original Message-----
From: Mathieu Patenaude [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 22, 2001 12:26 PM
To: '[EMAIL PROTECTED]'
Subject: G.E.N.E.S.I.S at grc.com

Go check the Genesis document at https://grc.com/r&d/nomoredos.htm
Pretty good info on DoS attacks

Mathieu
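
The concern in point 3 of the reply above, as an added example (not part of either message and not GENESIS's own code): a token keyed only on the source IP under a key that changes only at reboot keeps verifying indefinitely, while a token also bound to the connection 4-tuple and a time slot stops verifying once the slot passes. The token layouts, function names, slot length, tag size, key and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac

SLOT_SECONDS = 64   # assumed validity window for the bound token
TAG_BYTES = 4       # assumed tag size (a 32-bit field)

def _tag(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()[:TAG_BYTES]

def weak_token(key: bytes, src_ip: str) -> bytes:
    """Token keyed on the source IP only; the key changes only at reboot."""
    return _tag(key, src_ip)

def weak_verify(key: bytes, src_ip: str, token: bytes) -> bool:
    # Nothing here depends on time or on the connection, so a token seen
    # once for this IP verifies for as long as the key lives.
    return hmac.compare_digest(weak_token(key, src_ip), token)

def bound_token(key, src_ip, src_port, dst_ip, dst_port, slot: int) -> bytes:
    """Token bound to the connection 4-tuple and a coarse time slot."""
    return _tag(key, f"{src_ip}|{src_port}|{dst_ip}|{dst_port}|{slot}")

def bound_verify(key, src_ip, src_port, dst_ip, dst_port, token, now) -> bool:
    # Accept the current and the previous slot so a handshake that
    # straddles a slot boundary still completes.
    current = int(now) // SLOT_SECONDS
    return any(
        hmac.compare_digest(
            bound_token(key, src_ip, src_port, dst_ip, dst_port, slot), token)
        for slot in (current, current - 1)
    )

def replay_results(key: bytes) -> dict:
    """Check one captured token of each kind against later connection attempts."""
    ip, port, srv, sport = "192.0.2.10", 40000, "198.51.100.5", 80  # constructed
    issued = 1000
    weak = weak_token(key, ip)
    bound = bound_token(key, ip, port, srv, sport, issued // SLOT_SECONDS)
    return {
        "weak_any_later_time": weak_verify(key, ip, weak),
        "bound_same_conn": bound_verify(key, ip, port, srv, sport, bound, issued + 10),
        "bound_expired": bound_verify(key, ip, port, srv, sport, bound, issued + 3 * SLOT_SECONDS),
        "bound_other_port": bound_verify(key, ip, port + 1, srv, sport, bound, issued + 10),
    }

if __name__ == "__main__":
    print(replay_results(bytes(range(32))))  # constructed demo key
```

Within its slot window the bound token still verifies for the same 4-tuple, so binding limits how long and for which connection a captured token is useful rather than removing the capture itself.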